Ad
Ad
evertiq.com
Free newsletter (more)

Pwn2Own 2010: iPhone hacked, SMS database hijacked

Security researchers Vincenzo Iozzo from Zynamics GmbH and Ralf-Philipp Weinmann from the University of Luxembourg won the "iPhone" section of the renowned PWN2OWN contest in Vancouver, Canada.

March 26 2010, 6:50 AM
The contest pits the world's leading security researchers against the latest versions of common operating systems and platforms.

In 2009, researchers failed to compromise the iPhone, confounding general expectations. This year, Iozzo and Weinmann had to put in extra effort to bypass the "code signing" and data execution prevention (DEP) technologies that prevent arbitrary code from running on the phone as well as defeat straightforward exploitation of buffer and heap overflow bugs. In order to achieve this result, they chained existing code bits in a technique commonly known as "return-into-libc" or "return-oriented-programming".

It is the first time that this technique has been publicly demonstrated on a real-world telephone. The attack allowed them to execute code on the iPhone when a user visits a malicious website. The demonstrated attack code steals the SMS database from the phone, albeit other attack payloads are easily possible.

The organizers of the contest will communicate the details of the attack to the vendors and will not make the details of the attack public until the vendors can properly patch it.
Anke Schröter
Anke Schröter

Comments

Please note the following: Critical comments are allowed and even encouraged. Discussions are welcome. Verbal abuse, insults and racist / homophobic remarks are not. Such comments will be removed.

Further details can be found here.

blog comments powered by Disqus

Seho appoints new Technical Director

Thomas Herz is assuming the duties of Technical Director for the Selective Soldering Department at Seho Systems, effective immediately, the company announced today.

February 08 2012, 4:10 PM

JJS buys Mirtec equipment

JJS Electronics has invested in new Automatic Optical Inspection equipment from Mirtec to keep up with escalating PCB demand.

February 08 2012, 3:10 PM
Ad
Ad

© America II
Exclusive Interview

'Europe is still a growth opportunity'

What is Europe to an independent distributor like America II? A growth opportunity of course.

February 08 2012, 2:00 PM

©alexander-podshivalov-dreamstime.com

Endicott partners with Eltek in Israel

Endicott Interconnect Technologies, Inc. has appointed Eltek as its sales partner for Israel.

February 08 2012, 1:00 PM

Viking sells machine

Spirit Circuits, Waterlooville, UK have ordered an automated Co-ordinate Measurement Machine from Viking Test.

February 08 2012, 12:00 PM

Goepel enters into partnership with nanoX

Goepel electronic and the Asian enterprise nanoX Technology Pte. Ltd. have entered into a strategic partnership to distribute systems for Automated X-ray Inspection (AXI).

February 08 2012, 11:05 AM

© Nokia

Nokia Update: Hungary takes heavy hit

Nokia today announced 4,000 cuts across three factories in Hungary, Mexico and Finland. Evertiq has received information on the number of cuts planned at each factory.

February 08 2012, 10:05 AM

© Evertiq

Nokia to shift device assembly to Asia - cut 4,000 jobs

Nokia has today announced planned changes at its factories in Komarom, Hungary, Reynosa, Mexico and Salo, Finland. The company will move device assembly to Asia, impacting approximately 4,000 employees.

February 08 2012, 9:08 AM

©tom_schmucker-dreamstime.com

Cliff Electronics wins US counterfeit case

Cliff Electronics has won a court case to protect itself against counterfeited products sold in the USA.

February 08 2012, 9:00 AM
More News
1 2 3 4
Build: februari 08 2012 2:28 em, Web 2, #457 admin